Lenny Zeltser, of the SANS Internet Storm Center, posted his Three Laws of Behavior Dynamics for Information Security. These laws describe why people follow or don’t follow new security initiatives. Basically, it describes how people react to change overall, but Zeltser focuses on security change specifically.

Incidentally, if you’re a security professional or an IT geek that wants to check the daily pulse of security around the world, I’d recommend reading the SANS Handler’s Diary on a daily basis. The diary provides information and analysis about current Internet attacks/scans, vulnerabilities, vendor updates, various security topics, and their current Internet Threat Level.